cwe-77-command-injection

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFE
NO_CODE | PROMPT_INJECTION | EXTERNAL_DOWNLOADS
Full Analysis
  • [NO_CODE]: The skill is composed exclusively of Markdown instructions and lacks any executable scripts, binaries, or automated tasks.
  • [EXTERNAL_DOWNLOADS]: Includes a reference to the author's own GitHub repository (github.com/DevelopersCoffee/java-cwe-security-skills) for source identification. As a vendor-owned resource, this is considered a safe reference.
  • [PROMPT_INJECTION]: The skill facilitates the processing of user-supplied Java source code for remediation purposes, which creates a surface for indirect prompt injection.
      • Ingestion points: Java code fragments provided by users during the remediation process.
      • Boundary markers: There are no specific delimiters or instructions to ignore potential commands embedded in the code being analyzed.
      • Capability inventory: The skill is purely informational and lacks any command execution or network capabilities.
      • Sanitization: No sanitization logic is present as the skill contains no functional code.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 6, 2026, 09:39 PM